Example #1
}
// </editor-fold>
//
// It's time to process Rules !!!!
//
// <editor-fold desc="Rule Processing" defaultstate="collapsed" >
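// Walk every rule store, keep the rules accepted by the optional filter query and
// hand each of them to every requested action, in order.
// When no filter was given ($objectFilterRQuery is null) nothing is skipped: every
// rule of every store in $rulesToProcess is passed to every action.
$totalObjectsProcessed = 0;
foreach ($rulesToProcess as &$rulesRecord) {
    $store = $rulesRecord['store'];
    // NOTE(review): $rules is bound by reference as well and stays bound to the last
    // record's 'rules' entry once the loop is over.
    $rules =& $rulesRecord['rules'];
    $subObjectsProcessed = 0;
    print "\n* processing ruleset '" . $store->toString() . " that holds " . count($rules) . " rules\n";
    foreach ($rules as $rule) {
        // If a filter query was input and it doesn't match this object then we simply skip it
        if ($objectFilterRQuery !== null) {
            $queryResult = $objectFilterRQuery->matchSingleObject(array('object' => $rule, 'nestedQueries' => &$nestedQueries));
            if (!$queryResult) {
                continue;
            }
        }
        $totalObjectsProcessed++;
        $subObjectsProcessed++;
        // object will pass through every action now
        foreach ($doActions as $doAction) {
            $doAction->padding = '      ';
            $doAction->executeAction($rule);
            print "\n";
        }
    }
    // Per-store summary: rules that reached the actions versus rules held by the store.
    print "* objects processed in DG/Vsys '{$store->owner->name()}' : {$subObjectsProcessed} filtered over {$store->count()} available\n\n";
}
// The loop variable is still a reference to the last element of $rulesToProcess;
// drop it so a later assignment to $rulesRecord cannot overwrite that element.
unset($rulesRecord);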
Example #2
            return $denyRule;
        } else {
            unset($denyRules[$index]);
        }
    }
    return $foundRule;
}
foreach ($rulesToProcess as $index => $rule) {
    $loopCount++;
    if (isset($rule->alreadyMerged)) {
        continue;
    }
    if ($rule->actionIsNegative()) {
        continue;
    }
    if ($filterQuery !== null && !$filterQuery->matchSingleObject($rule)) {
        continue;
    }
    print "\n";
    /** @var SecurityRule[] $matchingHashTable */
    $matchingHashTable = $hashTable[$rule->mergeHash];
    $rulePosition = $rulesArrayIndex[$rule->indexPosition];
    // clean already merged rules
    foreach ($matchingHashTable as $ruleToCompare) {
        if (isset($ruleToCompare->alreadyMerged)) {
            unset($matchingHashTable[$ruleToCompare->serial]);
        }
    }
    if (count($matchingHashTable) == 1) {
        print "- no match for rule #{$loopCount} '{$rule->name()}''\n";
        continue;
Example #3
}, 'arg' => true);
// Filter operator for a rule's destination: true when at least one destination member
// matches the nested 'address' query registered under the name given as argument.
RQuery::$defaultFilters['rule']['dst']['operators']['has.recursive.from.query'] = array(
    'eval' => function ($object, &$nestedQueries, $argument) {
        /** @var $object Rule|SecurityRule */
        $destinations = $object->destination;
        // No destination members: nothing can match.
        if ($destinations->count() == 0) {
            return false;
        }

        // The argument must name an entry of $nestedQueries.
        // NOTE(review): derr() is presumably fatal; if it ever returned, the lookup of
        // $nestedQueries[$argument] below would run on a missing key - confirm.
        $queryIsKnown = $argument !== null && isset($nestedQueries[$argument]);
        if (!$queryIsKnown) {
            derr("cannot find nested query called '{$argument}'");
        }

        // The nested query text is parsed again on every evaluation of this operator.
        $parseError = '';
        $addressQuery = new RQuery('address');
        $parsedOk = $addressQuery->parseFromString($nestedQueries[$argument], $parseError);
        if ($parsedOk === false) {
            derr('nested query execution error : ' . $parseError);
        }

        // The first matching member settles the result.
        foreach ($destinations->all() as $candidate) {
            $matchContext = array('object' => $candidate, 'nestedQueries' => &$nestedQueries);
            if ($addressQuery->matchSingleObject($matchContext)) {
                return true;
            }
        }

        return false;
    },
    'arg' => true
);
//                                                //
//                Tag Based filters              //
//                                              //
// Filter operator 'tag has <value>': true only when hasTag() returns exactly true.
RQuery::$defaultFilters['rule']['tag']['operators']['has'] = array(
    'eval' => function ($object, &$nestedQueries, $value) {
        /** @var $object Rule|SecurityRule|NatRule|DecryptionRule */
        $tagFound = $object->tags->hasTag($value);

        return $tagFound === true;
    },
    'arg' => true,
    // NOTE(review): this entry is PHP source text carrying a '!value!' placeholder. How it
    // is consumed is not visible here; if the placeholder is replaced with the filter
    // argument and the result is evaluated, the argument has to be escaped or validated
    // first so that a quote inside it cannot end the string literal - confirm at the consumer.
    'argObjectFinder' => "\$objectFind=null;\n\$objectFind=\$object->tags->parentCentralStore->find('!value!');"
);
RQuery::$defaultFilters['rule']['tag']['operators']['has.nocase'] = array('eval' => function ($object, &$nestedQueries, $value) {
    /** @var $object Rule|SecurityRule|NatRule|DecryptionRule */
    return $object->tags->hasTag($value, false) === true;
Example #4
    }
}
// </editor-fold>
//
// It's time to process Objects !!!!
//
// <editor-fold desc=" *****  Object Processing  *****" defaultstate="collapsed" >
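// Walk every object store, keep the objects accepted by the optional filter query and
// hand each of them to every requested action, in order.
// When no filter was given ($objectFilterRQuery is null) nothing is skipped: every
// object of every store in $objectsToProcess is passed to every action.
$totalObjectsProcessed = 0;
foreach ($objectsToProcess as &$objectsRecord) {
    $subObjectsProcessed = 0;
    $store = $objectsRecord['store'];
    // NOTE(review): $objects is bound by reference as well and stays bound to the last
    // record's 'objects' entry once the loop is over.
    $objects =& $objectsRecord['objects'];
    print "\n* processing store '" . PH::boldText($store->toString()) . " that holds " . PH::boldText(count($objects)) . " objects\n";
    foreach ($objects as $object) {
        // An object rejected by the filter query is skipped untouched.
        if ($objectFilterRQuery !== null) {
            $queryResult = $objectFilterRQuery->matchSingleObject($object);
            if (!$queryResult) {
                continue;
            }
        }
        $totalObjectsProcessed++;
        $subObjectsProcessed++;
        // The object now passes through every action.
        foreach ($doActions as $doAction) {
            $doAction->executeAction($object);
            print "\n";
        }
    }
    // Per-store summary of the objects that reached the actions.
    print "* objects processed in DG/Vsys '{$store->owner->name()}' : {$subObjectsProcessed}\n\n";
}
// The loop variable is still a reference to the last element of $objectsToProcess;
// drop it so a later assignment to $objectsRecord cannot overwrite that element.
unset($objectsRecord);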
// </editor-fold>
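 /**
  * Returns an array with the rules inside this store, optionally narrowed by a filter.
  *
  * Without a filter the result is $this->rules, followed by $this->postRules when
  * $this->isPreOrPost is set. With a filter, only the rules accepted by the query are
  * returned, in the same order (rules first, then post rules).
  *
  * @param null|string $withFilter query text parsed with RQuery('rule'); null or '' disables filtering
  * @return SecurityRule[]|NatRule[]
  */
 public function &rules($withFilter = null)
 {
     if ($withFilter !== null && $withFilter != '') {
         // One variable receives the parser's message and is the one reported: the
         // original passed $errMsg to the parser but printed $errMesg, so a rejected
         // filter was reported with an empty reason.
         $errMesg = '';
         $query = new RQuery('rule');
         if ($query->parseFromString($withFilter, $errMesg) === false) {
             // NOTE(review): derr() is presumably fatal, so an unparsable filter never
             // degrades into "no filter" - confirm.
             derr("error while parsing query: {$errMesg}");
         }
         $res = array();
         foreach ($this->rules as $rule) {
             if ($query->matchSingleObject($rule)) {
                 $res[] = $rule;
             }
         }
         if ($this->isPreOrPost) {
             foreach ($this->postRules as $rule) {
                 if ($query->matchSingleObject($rule)) {
                     $res[] = $rule;
                 }
             }
         }
         return $res;
     }
     // The method returns by reference, so each path returns a local variable rather
     // than an expression; $res is assigned from the property, not bound to it.
     if (!$this->isPreOrPost) {
         $res = $this->rules;
         return $res;
     }
     $res = array_merge($this->rules, $this->postRules);
     return $res;
 }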